Abstract
While classical client-server systems are mostly equipped with numerous
security features, most peer-to-peer systems still lack authentication mechanisms
and communication encryption.
In this paper, we extend the well-known P2P-based protocol Kademlia to an
access-restricted and secure distributed hash table (DHT), called
Kademlia Secure (KadS). While traditional P2P networks allow
every node to join and communicate with one another, our DHT protocol
implements certificate-based authentication and encrypts the communication
between participating nodes, i.e. nodes have to possess a valid CA-signed
public key certificate and a matching private key to join the network.
Therefore, KadS allows the creation of a trustworthy P2P network and can
be used to store confidential information in a distributed manner.
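The join rule stated above (a node is admitted only if it presents a CA-signed certificate and proves it holds the matching private key) can be illustrated with the following Go program. It is an added example written for this page, not KadS's own code, and it assumes a PKI layout the paper does not specify: a single self-signed KadS CA issues every node certificate, node keys are ECDSA P-256, and possession of the private key is proven by signing a fresh nonce issued by the admitting node. All certificates, keys and peers are constructed inside the program.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// AdmissionGate holds the CA roots a node trusts. Assumption (not from the
// paper): one self-signed KadS CA issues every node certificate.
type AdmissionGate struct{ roots *x509.CertPool }

// NewNonce draws a fresh random challenge so a captured signature cannot be replayed.
func NewNonce() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

// SignChallenge is the joining node's side: prove possession of the private
// key by signing the gate's nonce (assumed handshake, not the paper's wire format).
func SignChallenge(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// Admit enforces both join conditions: the certificate must chain to the
// trusted CA, and the nonce signature must verify under the certificate's
// public key. Only then may the peer enter the routing table.
func (g *AdmissionGate) Admit(peer *x509.Certificate, nonce, sig []byte) error {
	opts := x509.VerifyOptions{Roots: g.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil {
		return fmt.Errorf("certificate not issued by the KadS CA: %w", err)
	}
	pub, ok := peer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unsupported public key type")
	}
	h := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("peer cannot prove possession of the certified private key")
	}
	return nil
}

// makeCert issues a certificate for pub, signed by parent/parentKey; with
// parent == nil it is self-signed by parentKey. ca marks a CA certificate.
func makeCert(serial int64, name string, pub *ecdsa.PublicKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, ca bool) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: ca, BasicConstraintsValid: true,
	}
	if ca {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// JoinResults records which of three constructed peers the gate admitted.
type JoinResults struct {
	ValidPeer      bool // CA-signed certificate and matching private key
	SelfSignedPeer bool // certificate not issued by the CA
	WrongKeyPeer   bool // CA-signed certificate presented with another node's key
}

// RunJoinScenarios sets up a throwaway CA and three joining peers (all
// constructed here) and runs the join handshake for each of them.
func RunJoinScenarios() (JoinResults, error) {
	var r JoinResults
	gen := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	caKey := gen()
	caCert, err := makeCert(1, "KadS CA", &caKey.PublicKey, nil, caKey, true)
	if err != nil {
		return r, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	gate := &AdmissionGate{roots: roots}
	aliceKey, bobKey, rogueKey := gen(), gen(), gen()
	aliceCert, err := makeCert(2, "node-a", &aliceKey.PublicKey, caCert, caKey, false)
	if err != nil {
		return r, err
	}
	rogueCert, err := makeCert(3, "node-rogue", &rogueKey.PublicKey, nil, rogueKey, false)
	if err != nil {
		return r, err
	}
	try := func(cert *x509.Certificate, key *ecdsa.PrivateKey) bool {
		nonce, err := NewNonce()
		if err != nil {
			return false
		}
		sig, err := SignChallenge(key, nonce)
		return err == nil && gate.Admit(cert, nonce, sig) == nil
	}
	r.ValidPeer = try(aliceCert, aliceKey)  // admitted
	r.SelfSignedPeer = try(rogueCert, rogueKey) // rejected: not CA-signed
	r.WrongKeyPeer = try(aliceCert, bobKey)     // rejected: no matching private key
	return r, nil
}

func main() {
	r, err := RunJoinScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("valid: %v, self-signed: %v, wrong key: %v\n", r.ValidPeer, r.SelfSignedPeer, r.WrongKeyPeer)
}
```

The third scenario is the one worth noting: a certificate is public data, so checking the CA signature alone would let anyone who has seen a legitimate node's certificate join under its identity; the nonce signature is what ties the presented certificate to a key the peer actually holds.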
As a primary application for KadS, we implemented a
P2P-based URL blacklisting service on top of the secure DHT:
in order to protect Internet users from unintentionally browsing
malicious web sites, our main goal was to develop the infrastructure
for a blacklisting service that warns users before visiting potentially
harmful sites. Instead of using a centralized data store, however, we used
KadS as a distributed storage and extended it to a browser-accessible
blacklist service. The developed blacklist stores information about
malicious web sites and provides an interface for end-users to access it.